
What settings on a switch protect an interface from any intruder device? How do you reserve an interface for trusted devices?

What is the command on a switch to protect the interface from untrusted devices?

Question added by abdalrahman mohmmad, IT Engineer, mixfm
Date posted: 2013/09/18
abdalrahman mohmmad
by abdalrahman mohmmad, IT Engineer, mixfm

Very briefly, we go into the interface and type the command:

switchport mode access

switchport port-security mac-address sticky

Or, to reserve more than one MAC:

switchport port-security maximum 2

Mostafa Abdo
by Mostafa Abdo, Senior Infrastructure and Security Architect, Devoteam

By configuring switch port security on the access switch. There are three different types of secure MAC address:

•Static secure MAC addresses—This type of secure MAC address is statically configured on a switchport and is stored in an address table and in the running configuration.

•Dynamic secure MAC addresses—This type of secure MAC address is learned dynamically from the traffic that is sent through the switchport. These types of addresses are kept only in an address table and not in the running configuration.

•Sticky secure MAC addresses—This type of secure MAC address can be manually configured or dynamically learned. These types of addresses are kept in an address table and in the running configuration.

Then, after the mode, the action that the device takes when one of these violations occurs can be configured:

•Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.

•Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.

•Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.

•Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state to the specific violating VLAN.
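
Added example (not part of any answer on this page): a Cisco IOS access-port configuration that combines sticky learning with an explicit violation mode, followed by the commands that verify it. The interface name FastEthernet0/1, the limit of 2 addresses and the 300-second recovery interval are assumed values.

```cisco
! Constructed example; interface name, MAC limit and recovery interval are assumptions.
configure terminal
!
interface FastEthernet0/1
 ! Port security cannot be enabled on a dynamic port, so set the mode explicitly.
 switchport mode access
 ! The bare command turns the feature on; the sub-commands below are not
 ! enforced until it is present.
 switchport port-security
 ! Allow at most two secure MAC addresses on this port (the default is 1).
 switchport port-security maximum 2
 ! Learn addresses from traffic and write them into the running configuration.
 switchport port-security mac-address sticky
 ! Drop frames from unknown addresses, log and count the violation, keep the port up.
 switchport port-security violation restrict
 exit
!
! If the default shutdown mode is used instead, let the switch bring
! err-disabled ports back automatically after 300 seconds.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
!
! Sticky addresses are kept in the running configuration; save it so they survive a reload.
copy running-config startup-config
!
! Check the violation mode, address limit, violation counter and learned addresses.
show port-security interface FastEthernet0/1
show port-security address
```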

Mohammad Elwasefy Elsayed
by Mohammad Elwasefy Elsayed, Senior IT Network and Security Engineer, Comlogic-SCC-ITconsultancy

There is another method for restricting devices accessing a specific VLAN,

which is called VACL "VLAN access control list" or PACL "Port access control list".

Restrict

Static secure MAC addresses

Shutdown

Dynamic secure MAC addresses

هاشم المشارقة
by هاشم المشارقة, Key Account Manager, Advanced United Systems Ltd. (A member of Taj Holding Group)

First, connect the devices to their ports, because at the moment the command is issued it will save the physical addresses on each port so that it allows them and blocks all others.

Use the following command:

switchport protected

This makes each of the switch's ports accept only the device connected to it at the moment the command is issued.

And thank you for the invitation.

sherif fathiy mahmoud
by sherif fathiy mahmoud, IT Technical Support, Concrete factory

switchport port-security

Abhi Mukherjee
by Abhi Mukherjee, Network Engineer, Accenture Services Pvt Ltd.

This problem can be addressed by configuring port security on that particular interface, generally called a "sticky port", and restricting traffic on the basis of MAC address.

Osama Ismaeel
by Osama Ismaeel, Customer Solutions Architect - VPO (VPN Owner), Orange Business Services

The most common ways: using MAC address filtering protection, or dot1x authentication.
